diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000000..0e3b72c4b7
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,43 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "1.23.X"]
+  pull_request:
+    branches: [ "master", "1.23.X"]
+  schedule:
+    - cron: '16 22 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go', 'javascript-typescript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/server/database.js b/server/database.js
index f064fb8be2..6ca4070669 100644
--- a/server/database.js
+++ b/server/database.js
@@ -12,22 +12,40 @@ const mysql = require("mysql2/promise");
  */
 class Database {
 
+    /**
+     * Boostrap database for SQLite
+     * @type {string}
+     */
     static templatePath = "./db/kuma.db";
 
     /**
      * Data Dir (Default: ./data)
+     * @type {string}
      */
     static dataDir;
 
     /**
      * User Upload Dir (Default: ./data/upload)
+     * @type {string}
      */
     static uploadDir;
 
+    /**
+     * Chrome Screenshot Dir (Default: ./data/screenshots)
+     * @type {string}
+     */
     static screenshotDir;
 
+    /**
+     * SQLite file path (Default: ./data/kuma.db)
+     * @type {string}
+     */
     static sqlitePath;
 
+    /**
+     * For storing Docker TLS certs (Default: ./data/docker-tls)
+     * @type {string}
+     */
     static dockerTLSDir;
 
     /**
@@ -84,8 +102,8 @@ class Database {
         "patch-add-certificate-expiry-status-page.sql": true,
         "patch-monitor-oauth-cc.sql": true,
         "patch-add-timeout-monitor.sql": true,
-        "patch-add-gamedig-given-port.sql": true,   // The last file so far converted to a knex migration file
-        "patch-notification-config.sql": true,
+        "patch-add-gamedig-given-port.sql": true,
+        "patch-notification-config.sql": true,      // The last file so far converted to a knex migration file
     };
 
     /**
diff --git a/server/docker.js b/server/docker.js
index 545c14bd6c..a96324a9fa 100644
--- a/server/docker.js
+++ b/server/docker.js
@@ -72,7 +72,6 @@ class DockerHost {
             url: "/containers/json?all=true",
             headers: {
                 "Accept": "*/*",
-                "User-Agent": "Uptime-Kuma/" + version
             },
         };
 
diff --git a/server/model/monitor.js b/server/model/monitor.js
index b45c531236..909a8f1eee 100644
--- a/server/model/monitor.js
+++ b/server/model/monitor.js
@@ -448,7 +448,6 @@ class Monitor extends BeanModel {
                         timeout: this.timeout * 1000,
                         headers: {
                             "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
-                            "User-Agent": "Uptime-Kuma/" + version,
                             ...(contentType ? { "Content-Type": contentType } : {}),
                             ...(basicAuthHeader),
                             ...(oauth2AuthHeader),
@@ -628,7 +627,6 @@ class Monitor extends BeanModel {
                         timeout: this.timeout * 1000,
                         headers: {
                             "Accept": "*/*",
-                            "User-Agent": "Uptime-Kuma/" + version,
                         },
                         httpsAgent: CacheableDnsHttpAgent.getHttpsAgent({
                             maxCachedSessions: 0,      // Use Custom agent to disable session reuse (https://github.com/nodejs/node/issues/3940)
@@ -682,7 +680,6 @@ class Monitor extends BeanModel {
                         timeout: this.interval * 1000 * 0.8,
                         headers: {
                             "Accept": "*/*",
-                            "User-Agent": "Uptime-Kuma/" + version,
                         },
                         httpsAgent: CacheableDnsHttpAgent.getHttpsAgent({
                             maxCachedSessions: 0,      // Use Custom agent to disable session reuse (https://github.com/nodejs/node/issues/3940)
diff --git a/server/uptime-kuma-server.js b/server/uptime-kuma-server.js
index 9d5749f2a4..a47b5b51fc 100644
--- a/server/uptime-kuma-server.js
+++ b/server/uptime-kuma-server.js
@@ -12,6 +12,7 @@ const { Settings } = require("./settings");
 const dayjs = require("dayjs");
 const childProcess = require("child_process");
 const path = require("path");
+const axios = require("axios");
 // DO NOT IMPORT HERE IF THE MODULES USED `UptimeKumaServer.getInstance()`, put at the bottom of this file instead.
 
 /**
@@ -83,6 +84,9 @@ class UptimeKumaServer {
         const sslCert = args["ssl-cert"] || process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || undefined;
         const sslKeyPassphrase = args["ssl-key-passphrase"] || process.env.UPTIME_KUMA_SSL_KEY_PASSPHRASE || process.env.SSL_KEY_PASSPHRASE || undefined;
 
+        // Set axios default user-agent to Uptime-Kuma/version
+        axios.defaults.headers.common["User-Agent"] = this.getUserAgent();
+
         log.debug("server", "Creating express and socket.io instance");
         this.app = express();
         if (sslKey && sslCert) {
@@ -411,6 +415,10 @@ class UptimeKumaServer {
             }
         }
     }
+
+    getUserAgent() {
+        return "Uptime-Kuma/" + require("../package.json").version
+    }
 }
 
 module.exports = {